The Insidious Insider: How Compliance Management Software Smacks Down the Threat from Within

Pay attention to internal threats.

Most companies know that it’s important to pay close attention to protecting proprietary data. They develop and implement policies, procedures and protocols to ensure that their data won’t land in the wrong hands. They install firewall software to fortify data and cyber security. And then they sit back, confident that they’re protected.

The problem with this supposition is that it fails to take into account the very real threats from within the organization. It’s simply not enough to focus on the external. Given the fluidity of today’s business environment, organizations are foolish to ignore the dangers posed by disgruntled or terminated employees, undetectable access attained through personal mobile devices, excessive access granted to employees who should be working on a “need to know” basis, and failure of their de-provisioning processes.

According to security evangelist Tomer Teller in his article published in Forbes titled “The Biggest Cybersecurity Threats of 2013,” the trending around internal threats and BYOD are cause for significant concern. Teller states that many of the most dangerous security breaches originate inside the organization and are particularly devastating because of how much damage a privileged user account can do with all the data they can freely access.

The article references a study conducted by the U.S. Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute and the U.S. Secret Service. In this study researchers discovered that malicious insiders within the financial industry elude detection for 32 months on average. Just imagine how much damage can be done in 32 months.

Toller continues on to explain the full scope of the dangers presented by the BYOD trend and how many organizations are scrambling to come up with solutions around preserving security. Fully featured mobile devices serve as portable PCs, complete with web access, cameras and recording features. Essentially, any breach that can occur through a PC can occur through a personal mobile device, and, unless you’re set up with the right access governance and compliance management software, you’re flying without a safety net.

If you haven’t already considered and addressed these emerging threats, take heart — you’re not alone. So what can you do to protect your organization?

Start with an IT compliance management audit. Avatier’s Compliance Auditor provides you comprehensive purview to what’s happening on your networks and the ability to restrict or terminate access in real-time on a granular level.

Next, consider your access certification process and the compliance management software in use. Establish your business rules and leverage access certification software to preserve your security. In an increasingly fluid and turbulent environment, IT automation is the key to agility.

Finally, keep your eye on personal mobile devices. Consider yourself as vulnerable to breach through a mobile device as you are through a desk top PC — or even more so.

By paying attention to the threat from within and leveraging compliance management software, you’re in a great position to identify insidious insiders and stop them in their tracks before they wield serious damage on your organization. To achieve real-time, actionable protection, automation is the answer.

Learn the top 10 Access Governance Best Practices for successful implementations from experts. Sidestep the challenges that can derail GRC software and compliance management projects.

Written by Gary Thompson

Gary Thompson is a 35 year veteran of the PR industry. He was the president of Shandwick International, the world’s largest agency with 2000 people in 90 offices and 32 countries. A million mile flyer on both American and United, he got off the road at the “encouragement” of his wife. Four years ago, he founded his own firm, Clarity Communications, which counts Avatier as one its most successful clients.